IT Baseline Protection Manual T 3.25 Negligent deletion of objects
T 3.25 Negligent deletion of objects
Novell Netware 4.x makes it possible, for the first time, to delete the Admin object which will be created automatically during installation. This object, which replaces the Supervisor familiar from Netware 3.x, is created during the very first installation of a Netware 4 network and initially possesses all administration rights. Its ability to delete this object creates the following potential threats:
If no replication of the administrator ("repl.-admin")is created as an object inside NDS, it could become impossible to administer the NDS or individual containers. This would make it necessary to re-install the NDS and to re-create all the contained objects, which could lead to a complete breakdown of the Netware 4 network.
In a decentrally administered Netware 4 network, administrators are usually configured at the organisational level (container level). The IRF (inherited rights filter) makes it possible to restrict or disable the inheritance of rights by other administrators to subordinate organisations, so that only the decentral administrator possesses all rights. If this administrator isdeleted from the NDS, an entire organisational unit can no longer be managed, because the other administrators do not have access to this container. Because of the decentral administration (distribution of administrative tasks) it is no longer possible to manage the container from other administrators